Another “fight your evil admin” article… well you have a SSH account? And an evil Admin which restrict internet access, like no free WEB/IRC/ICQ/MSN/whatever? Good! You need a HTTP proxy server (a public one, but I think each ISP provides one).. End of Story. What else? Ah, you need a SSH client like Plink (I assume you use Windows) or Putty. We use Plink in this example.
So now enter the following command:
> plink.exe -v -pw SSH-PASSWORD SSH-USER@SSH-HOST -L LOCALHOST:PROXYSERVER:PROXYPORT
For example, your SSH Server is publicssh.org, and the Proxy run’s on publicproxy.com:8000:
> plink.exe -v -pw password email@example.com -L 1234:publicproxy.com:8000
This generates a SSH tunnel from your workstation via the SSH server to the HTTP proxy:
Now enter a HTTP proxy for your web browser (127.0.0.1 port 1234) and your done…If you need a SSH server, visit: http://www.rootshell.be, they provide free SSH accounts. Or check this site: http://www.ductape.net/~mitja/freeunix.shtml
For public HTTP proxies google around.. (“public http proxy”)
Probably you cannot access you SSH server on the default SSH port, because it might be blocked… (rootshell.be provide a SSH Server on port 443). In this case you need to use the “-P PORTNR” option.
Other interesting options with plink:
Dynamic SOCKS-based port forwarding
Forward local port to remote address
Forward remote port to local address
Of course you can also use PuTTY as SSH tunneling software:
Enter the “normal” connection settings (hostname and port) and click on the “Tunnels” section. Now enter you details, an example is shown above. You can of course you can enter multiple tunnels here, for example mail server (pop and smtp).
Btw: You can even use HTTP Proxies when you use Putty, so you should be able to use SSH tunnel from almost everywhere!
Also a good example would be, if you forward the local port to the destination port 3389 (Remote Desktop). In Putty this would look like this:
L12344 192.168.1.100:3389 (Forward 127.0.0.1:12344 -> Internet -> YOUR_SSH_SERVER -> 192.168.1.100:3389).
When you established the SSH connection, use mstsc.exe to connect to 127.0.0.1:12344.
Another possibility is, forward a port on a public server to your Server/Workstation (with the -R / Remote option)… just another idea, you’re welcome to contribute!
Check out the SSH tunneling article nr. 2 for a SOCKS tutorial (Use Putty and GAIM).
Edit Juni 2006:
A Linux example, create a SSH tunnel and forward the localport 2225 (smtp) and 22143 (imap) to the Exchange server, so you can access you Exchange Mailbox over SSH:
#ssh -L 2225:MAILSERVER:25 -L 22143:MAILSERVER:143 -o TCPKeepAlive=yes -l root -p SSHPORT SSHSERVER